Patents by Inventor Marco Casassa Mont

Marco Casassa Mont has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20160217295
    Abstract: According to an example, trusted function based data access security control may include determining a restriction set by a first entity and related to access to and/or analysis related to data under the control of the first entity. A trusted function including meta-data that describes a transformation of the data may be ascertained. A determination may be made as to whether the meta-data of the trusted function matches the restriction related to the access to and/or analysis related to the data. In response to a determination that the meta-data of the trusted function matches the restriction, the trusted function may be executed to allow controlled access to the data by a second entity. In response to a determination that the meta-data of the trusted function does not match the restriction, execution of the trusted function may be prevented to prevent access to the data by the second entity.
    Type: Application
    Filed: October 31, 2013
    Publication date: July 28, 2016
    Inventors: Patrick Goldsack, Marco Casassa Mont, Suksant Sae Lor, Simon Kai-Ying Shiu
  • Publication number: 20160182462
    Abstract: In an implementation, a view of a set of data may be based on a context. The context may include an attribute associated with an attribute list. A set of symbols may be associated with the attribute list and the set of data. A key may be associated with the attribute list and a function list.
    Type: Application
    Filed: July 26, 2013
    Publication date: June 23, 2016
    Inventors: Luis Miguel VAQUERO GONZALEZ, Suksant SAE LOR, Marco CASASSA MONT
  • Publication number: 20160112456
    Abstract: Compliance to a policy about how to treat data in a computer network environment is ensured by checking that conditions in the policy are satisfied by the entity before access to the data is provided.
    Type: Application
    Filed: October 21, 2015
    Publication date: April 21, 2016
    Inventors: Siani Pearson, Archie Reed, Marco Casassa Mont, Gina Kounga, Liqun Chen
  • Publication number: 20160078239
    Abstract: An example method for managing data in accordance with aspects of the present disclosure includes receiving from a user in the computer network environment a policy about how a piece of data should be treated, an encryption of the piece of data, a signature of a cryptographic hash of the policy and a cryptographic key, requesting from a trust authority the cryptographic key to access the piece of data, transmitting an encryption of at least one share to the trust authority, wherein the at least one share is created by and received from the trust authority, receiving from the trust authority the cryptographic key, wherein the cryptographic key is recreated by a combiner using a subset of the at least one share, shares associated with the trust authority and shares associated with the combiner, and decrypting the encryption of the piece of data using the recreated cryptographic key.
    Type: Application
    Filed: July 30, 2013
    Publication date: March 17, 2016
    Inventors: Michael Bernd Beiter, Siani Pearson, Marco Casassa Mont, Liqun Chen
  • Publication number: 20150350165
    Abstract: A computer network has a number of resources. One or more trusted localisation provider certifies the location of the resources. Encrypted data is closely associated with a policy package defining privacy policies for the data and metapolicies for their selection. A trusted privacy service enforces the privacy policies. The trusted privacy service is arranged to supply a key to a resource to allow that resource to process data if the trusted privacy service determines from the trusted localisation provider certifying the location and other contextual information of the resource that the privacy policy allows processing of the data on that resource in that location.
    Type: Application
    Filed: August 11, 2015
    Publication date: December 3, 2015
    Inventors: Marco Casassa Mont, Siani Lynne Pearson
  • Patent number: 9203621
    Abstract: Compliance to a policy about how to treat data in a computer network environment is ensured by checking that conditions in the policy are satisfied by the entity before access to the data is provided.
    Type: Grant
    Filed: July 11, 2011
    Date of Patent: December 1, 2015
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Siani Pearson, Archie Reed, Marco Casassa Mont, Gina L. D. Kounga, Liqun Chen
  • Patent number: 9137113
    Abstract: A computer network has a number of resources. One or more trusted localization provider certifies the location of the resources. Encrypted data is closely associated with a policy package defining privacy policies for the data and metapolicies for their selection. A trusted privacy service enforces the privacy policies. The trusted privacy service is arranged to supply a key to a resource to allow that resource to process data if the trusted privacy service determines from the trusted localization provider certifying the location and other contextual information of the resource that the privacy policy allows processing of the data on that resource in that location.
    Type: Grant
    Filed: January 20, 2006
    Date of Patent: September 15, 2015
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Marco Casassa Mont, Siani Lynne Pearson
  • Publication number: 20140337971
    Abstract: A mapping system is provided that makes use of security data collected from various data sources. Following appropriate pre-processing, the mapping system analyses the security data to provide estimated values for parameters in a security model, the security model in turn being based on one or more mathematical representations.
    Type: Application
    Filed: February 22, 2012
    Publication date: November 13, 2014
    Inventors: Marco Casassa Mont, Yolanta Beresnevichiene, Shane Sullivan, Richard Brown
  • Publication number: 20140119540
    Abstract: Compliance to a policy about how to treat data in a computer network environment is ensured by checking that conditions in the policy are satisfied by the entity before access to the data is provided.
    Type: Application
    Filed: July 11, 2011
    Publication date: May 1, 2014
    Inventors: Siani Pearson, Archie Reed, Marco Casassa Mont, Gina L.D. Kounga, Liqun Chen
  • Publication number: 20140096188
    Abstract: One example provides a collaborative policy refinement service to aggregate policy inputs from organizational layers and to generate security policies that are consistent across the organizational layers. This includes an interactive policy component to facilitate collaborative interaction between the organizational layers and to facilitate determination of the security policies.
    Type: Application
    Filed: June 16, 2011
    Publication date: April 3, 2014
    Inventors: Marco Casassa Mont, Siani Pearson, Pete Bramhall
  • Patent number: 8510789
    Abstract: Data to be output to a removable storage medium is encrypted for sending to an output device by an encryption process based on encryption parameters comprising public data of a trusted party and an encryption key string comprising a policy for allowing the output of the data. The trusted party provides a decryption key to the output device but only after being satisfied that the policy has been met. The decryption key is generated in dependence on the encryption key string and private data of the trusted party. The output device uses the decryption key in decrypting the data to be output. Embodiments are provided that involve multiple policies and trusted parties.
    Type: Grant
    Filed: September 16, 2003
    Date of Patent: August 13, 2013
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Cheh Goh, Liqun Chen, Stephen James Crane, Marco Casassa Mont, Keith Alexander Harrison
  • Publication number: 20130179937
    Abstract: A customized security model template is created that is customized for a specific organization's security related procedures. The customized security model template is instantiated with parameters associated with the organization to create an instantiated security model, and a report is produced based on simulations of the instantiated security model that specifies metrics of the organization's security implementation.
    Type: Application
    Filed: January 10, 2012
    Publication date: July 11, 2013
    Inventors: Marco Casassa Mont, Richard Brown, William G. Horne, Siva Raj Rajagopalan, Prasad V. Rao
  • Publication number: 20130117075
    Abstract: Compliance of a project is assessed by generating a graph including nodes representing attributes of the project, and populating a subset of nodes in the graph with attribute values of the project. A rule applicable to the subset of nodes is identified and applied to determine whether the attribute values comply with the rule.
    Type: Application
    Filed: November 4, 2011
    Publication date: May 9, 2013
    Inventors: Richard Brown, Marco Casassa Mont, Kieran Mccorry, Nikolaos Papanikolaou, Siani Pearson, Prasad V Rao, Tomas Sander
  • Patent number: 8397302
    Abstract: A system for analyzing a process, comprising a model engine to generate a model of the environment using multiple components defining adjustable elements of the model and including components representing a process for provisioning and de-provisioning of access credentials for an individual in the environment and a risk analyzer to calculate multiple randomized instances of an outcome for the environment using multiple values for parameters of the elements of the model selected from within respective predefined ranges for the parameters, and to use a results plan to provide data for identifying the security risk using the multiple instances.
    Type: Grant
    Filed: October 29, 2010
    Date of Patent: March 12, 2013
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Marco Casassa Mont, Yolanta Beresnevichiene, Simon Kai-Ying Shiu
  • Publication number: 20120179501
    Abstract: Information relating to an entity's objectives is received, a utility function based on the received objectives is derived, the utility function is compared with results from a number of simulated investment options, and the comparisons are presented to a user associated with the entity.
    Type: Application
    Filed: January 7, 2011
    Publication date: July 12, 2012
    Inventors: Yolanta Beresnevichiene, Marco Casassa Mont, David Pym, Simon Kai-Ying Shiu
  • Publication number: 20120110670
    Abstract: A system for analyzing a process, comprising a model engine to generate a model of the environment using multiple components defining adjustable elements of the model and including components representing a process for provisioning and de-provisioning of access credentials for an individual in the environment and a risk analyzer to calculate multiple randomized instances of an outcome for the environment using multiple values for parameters of the elements of the model selected from within respective predefined ranges for the parameters, and to use a results plan to provide data for identifying the security risk using the multiple instances.
    Type: Application
    Filed: October 29, 2010
    Publication date: May 3, 2012
    Inventors: Marco Casassa Mont, Yolanta Beresnevichiene, Simon Kai-Ying Shiu
  • Publication number: 20120110669
    Abstract: A system for analyzing an environment to identify a security risk, comprising a model engine to generate a model of the environment using multiple components defining adjustable elements of the model and a risk analyzer to calculate multiple randomized instances of an outcome for the environment using multiple values for parameters of the elements of the model selected from within respective predefined ranges for the parameters.
    Type: Application
    Filed: October 29, 2010
    Publication date: May 3, 2012
    Inventors: Yolanta Beresnevichiene, Adrian John Baldwin, Jonathan F. Griffin, Simon K.Y. Shiu, Marco Casassa Mont, Brian Quentin Monahan, David J. Pym
  • Patent number: 7398393
    Abstract: When sending personal data to a recipient, the data owner encrypts the data using both a public data item provided by a trusted party and an encryption key string formed using at least policy data indicative of conditions to be satisfied before access is given to the personal data. The encryption key string is typically also provided to the recipient along with the encrypted personal data. To decrypt the personal data, the recipient sends the encryption key string to the trusted party with a request for the decryption key. The trusted party determines the required decryption key using the encryption key string and private data used in deriving its public data, and provides it to the requesting recipient. However, the decryption key is either not determined or not made available until the trusted party is satisfied that the associated policy conditions have been met by the recipient.
    Type: Grant
    Filed: January 28, 2004
    Date of Patent: July 8, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Marco Casassa Mont, Keith Alexander Harrison, Martin Sadler, Siani Lynne Pearson
  • Patent number: 7330969
    Abstract: A method for encrypting data comprising deriving a public key using a first data set provided by a second party; encrypting a second data set with the public key; providing the encrypted third data set to the second party; providing the public key to a third party to allow validation of the first data set such that on validation of the first data set the third party provides an associated private key to the second party to allow decryption of the encrypted second data set.
    Type: Grant
    Filed: October 11, 2002
    Date of Patent: February 12, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Keith Alexander Harrison, Martin Sadler, Marco Casassa Mont
  • Patent number: 7321660
    Abstract: A computer system comprises a first computer entity arranged to encrypt data using an encryption key comprising a time value, and a second computer entity arranged to generate, at intervals, a decryption key using a current time value. The encryption and decryption processes are such that the decryption key generated using a current time value corresponding to that used for the encryption key, is apt to decrypt the encrypted s data.
    Type: Grant
    Filed: March 3, 2003
    Date of Patent: January 22, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Marco Casassa Mont, Keith Alexander Harrison, Martin Sadler